Common Vulnerability Scoring System (CVSS) Version 2, calculated from the metrics provided in the CVSS vector provided from the vulnerability source. This field is deprecated and will be removed in the future. The cvssV2Score can be obtained from the metrics field of the listVulnerabilities endpoint. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Common Vulnerability Scoring System (CVSS) Version 3, calculated from the metrics provided in the CVSS vector provided from the vulnerability source. This field is deprecated and will be removed in the future. The cvssV3Score can be obtained from the metrics field of the listVulnerabilities endpoint. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
Unique vulnerability identifier, e.g. CVE-1999-0067.
Indicates if the vulnerability is a false positive according to the usage data. If no usage data was provided or the service cannot infer usage of the vulnerable code then this property is {@code null}.
Indicates if the vulnerability was ignored according to the audit configuration.
ADM qualitative severity score. Can be either NONE, LOW, MEDIUM, HIGH or CRITICAL.
Source that published the vulnerability
A vulnerability is a weakness or error in an artifact. A vulnerability is a generalization of a CVE (every CVE is a vulnerability, but not every vulnerability has a CVE).